Note: All the SAML configuration and authentication steps discussed for Endpoint Central Cloud also apply to Patch Manager Plus Cloud and Remote Access Plus Cloud.
Security Assertion Markup Language (SAML) is the de facto open standard for exchanging authentication and authorization details between a Service Provider and an Identity Provider. The exchange is done through digitally signed XML documents containing user data. Endpoint Central supports SAML 2.0 authentication. By enabling this feature, users can log in to Endpoint Central Cloud via a Single Sign-On (SSO) service that supports SAML authentication.
Service Provider - The application providing a specific service, which authenticates and authorizes users based on the security assertions obtained from the SSO service. For example: CRM, Endpoint Central, etc.
Identity Provider - The entity that maintains and manages the user's credentials. For example: Okta, OneLogin, etc.
Single Sign-On service - A service provided by the Identity Provider with a centralized login system: the user enters the credentials once, after which the authentication and authorization details are passed to the different Service Providers to grant the user access.
The main advantage of SSO is that it has centralized authentication, thereby eliminating the need for users to remember multiple passwords to access different applications.
When a user tries to log in to the Service Provider, the user is redirected to the SSO login page. Upon entering the credentials, the SSO service passes the authentication and authorization details to the Service Provider, and the Service Provider then decides, based on those details, whether or not to grant access to the user.
After logging into Endpoint Central Cloud, go to the Admin tab and select SAML Authentication. Here you can find the details provided by Endpoint Central Cloud that have to be entered on the IdP's side.
After logging into the product console, go to the Admin tab and select SAML Authentication. At the bottom, enter the IdP's details.
Enter the following JSON code in the settings window for Auth0 configuration as shown:
  {
    "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress",
    "nameIdentifierProbes": [
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
    ]
  }
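The following Python example is added here to show what the Auth0 settings above express and what the Service Provider decision described earlier looks like in practice; it is not ManageEngine's or Auth0's code. In Auth0's SAML settings, nameIdentifierFormat becomes the Format attribute of the NameID in the issued assertion, and nameIdentifierProbes lists the claim attributes Auth0 tries, in order, to fill the NameID. On the receiving side, a Service Provider should confirm that the NameID has the expected format, that the assertion is inside its validity window, and that it was issued for this Service Provider's audience. The assertion, tenant name, user and audience URL below are all constructed for illustration, and the XML signature check is assumed to be done separately with an XML-DSig library before this logic runs.

```python
"""Added example: SP-side checks on a SAML assertion shaped by the Auth0
nameIdentifierFormat / nameIdentifierProbes settings.  Signature
verification is assumed to have happened already (e.g. with python-xmlsec)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress"
# Same probe order as the Auth0 settings: first attribute with a value wins.
PROBES = [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
]

# Constructed sample assertion: fictitious tenant, user and audience.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" IssueInstant="2024-01-01T00:00:00Z" Version="2.0">
  <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailaddress">alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.com/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>Alice Example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def _parse_time(value):
    # SAML timestamps are UTC xs:dateTime values such as 2024-01-01T00:00:00Z.
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_attributes(assertion):
    """Map each Attribute Name to the text of its first AttributeValue."""
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and value.text:
            attrs.setdefault(attr.get("Name"), value.text.strip())
    return attrs


def probe_name_identifier(attrs, probes=PROBES):
    """Model of nameIdentifierProbes: return the first probed claim that has a value."""
    for claim in probes:
        if attrs.get(claim):
            return attrs[claim]
    return None


def validate_assertion(xml_text, expected_audience, now_iso):
    """Return {"ok", "reason", "name_id"} for an already signature-verified assertion."""
    root = ET.fromstring(xml_text)
    now = _parse_time(now_iso)

    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        return {"ok": False, "reason": "NameID missing or not in emailaddress format", "name_id": None}
    subject = (name_id.text or "").strip()
    if "@" not in subject:
        return {"ok": False, "reason": "NameID is not an email address", "name_id": None}

    cond = root.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        return {"ok": False, "reason": "Conditions element or validity window missing", "name_id": None}
    if not (_parse_time(cond.get("NotBefore")) <= now < _parse_time(cond.get("NotOnOrAfter"))):
        return {"ok": False, "reason": "assertion outside its validity window", "name_id": None}

    audiences = [a.text.strip() for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        return {"ok": False, "reason": "audience does not match this Service Provider", "name_id": None}

    # Consistency check: the NameID should equal what the probe order would produce.
    if probe_name_identifier(parse_attributes(root)) != subject:
        return {"ok": False, "reason": "NameID does not match the probed claim attributes", "name_id": None}
    return {"ok": True, "reason": "", "name_id": subject}


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, "https://sp.example.com/saml", "2024-01-01T00:02:00Z"))
```

The audience and timestamp checks are what stop an assertion issued for another application, or replayed after its window, from being accepted even when its signature is valid; the final probe cross-check catches a NameID that was not derived from the email claim the Endpoint Central side expects.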